ROPSHELL 
ropshell> use 8594d72bd897b2285864b48f444678b8 (download)
name         : libc-2.24.so (arm/ELF)
base address : 0x16040
total gadgets: 5563

ropshell> suggest
jmpcall
    > 0x00028d61 : bx r0
    > 0x000392f1 : bx r1
    > 0x0004554f : bx r2
    > 0x000166cf : bx r3
    > 0x00055949 : bx r6
load mem
    > 0x000486f3 : ldr r0, [r2]; pop {r4, r5, r6, pc}
    > 0x000483cd : ldr r0, [r3]; pop {r3, r4, r5, pc}
    > 0x0006833f : ldr.w fp, [r8, r3]; pop {r4, r5, pc}
    > 0x0004300f : ldr r1, [r0, #0x58]; pop {r4, r5, r6, pc}
    > 0x00023e0d : ldrh r2, [r0, #0x18]; pop {r3, pc}
pop pop ret
    > 0x000b9ccf : pop {pc}
    > 0x0003e6d3 : pop {r0, pc}
    > 0x000b6fde : pop {r0, r1, pc}
    > 0x0005a369 : pop {r0, r1, r5, pc}
    > 0x0003e017 : pop {r0, r1, r2, r5, pc}
stack pivoting
    > 0x00071d63 : mov sp, r7; pop {r3, r4, r5, r6, r7, pc}
    > 0x00044b5b : mov sp, r5; adds r7, #8; mov sp, r7; pop.w {r4, r5, r6, r7, lr}; add sp, #0xc; bx lr
    > 0x00071843 : mov sp, r8; adds r7, #0xc; mov sp, r7; pop.w {r4, r5, r6, r7, r8, lr}; add sp, #0xc; bx lr
syscall
    > 0x000166f5 : svc #0; pop {r7, pc}
write mem
    > 0x000b46c7 : str r4, [r0]; pop {r3, r4, r5, pc}
    > 0x0004a3f5 : str r3, [r1]; pop {r4, pc}
    > 0x000ad821 : str r3, [r2]; pop {r3, r4, r5, pc}
    > 0x000472f5 : str r5, [r2]; pop {r3, r4, r5, pc}
    > 0x000908bf : str r0, [r3]; pop {r3, pc}

© 2014 - 2019 - Powered by ROPEME | Contact